zloader | de5947af1ec1e205ed4c953359a8ca9b6a72dc4ffc81ce1048969553d440c265 | Triage

Resubmissions

15-11-2023 13:43

231115-q1nhlacd3y 10

01-02-2022 08:59

220201-kx5d2scde4 10

Sharing

General

Target

de5947af1ec1e205ed4c953359a8ca9b6a72dc4ffc81ce1048969553d440c265
Size

273KB
Sample

220201-kx5d2scde4
MD5

163a79fe07ad55433db4c41746d88383
SHA1

3ff73b6fb15a29cd10bb66b862d9e677ca75fd2c
SHA256

de5947af1ec1e205ed4c953359a8ca9b6a72dc4ffc81ce1048969553d440c265
SHA512

6d526e4fa07471207f4a0b17a6f360f47bfe7bf63288bdc017df0578c30530173593d0bbc371b9e91d9e4222fe7968c3fadbcdd7a3b719462f6bf89476a83b93

Score

10^/10

zloader saca adw2 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

saca

Campaign

adw2

C2

https://islacangrejo.fun/library/topikpost.php

https://j2888hennene.site/library/topikpost.php

Attributes

build_id
1970759022

rc4.plain

Targets

- Target
  
  de5947af1ec1e205ed4c953359a8ca9b6a72dc4ffc81ce1048969553d440c265
- Size
  
  273KB
- MD5
  
  163a79fe07ad55433db4c41746d88383
- SHA1
  
  3ff73b6fb15a29cd10bb66b862d9e677ca75fd2c
- SHA256
  
  de5947af1ec1e205ed4c953359a8ca9b6a72dc4ffc81ce1048969553d440c265
- SHA512
  
  6d526e4fa07471207f4a0b17a6f360f47bfe7bf63288bdc017df0578c30530173593d0bbc371b9e91d9e4222fe7968c3fadbcdd7a3b719462f6bf89476a83b93
Score

10^/10

zloader saca adw2 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadersacaadw2botnetpersistencetrojan

behavioral2